Overview

overview

10

Static

static

54550aef08...70.exe

windows7-x64

10

54550aef08...70.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54550aef08cf90c9ab0bfd02ce28f1c8a8546956c2882784b1fc485a91e62270

  • Size

    72KB

  • Sample

    220725-e3748seghl

  • MD5

    835d48cd0ce83cf2b429f0ebe6095ec8

  • SHA1

    ebd8d094dd4901651ab59d6fc3b0ab83b3879363

  • SHA256

    54550aef08cf90c9ab0bfd02ce28f1c8a8546956c2882784b1fc485a91e62270

  • SHA512

    0aae78adc48d061341e5437636ace60d710ccf56dc21066c798f2e47d6b55ad82eb371175055d08087285f44f4a21bb46216728a81b14550d0b66d20bd89ab8d

Score
10/10
guloaderdownloaderguloader

Malware Config

Targets

    • Target

      54550aef08cf90c9ab0bfd02ce28f1c8a8546956c2882784b1fc485a91e62270

    • Size

      72KB

    • MD5

      835d48cd0ce83cf2b429f0ebe6095ec8

    • SHA1

      ebd8d094dd4901651ab59d6fc3b0ab83b3879363

    • SHA256

      54550aef08cf90c9ab0bfd02ce28f1c8a8546956c2882784b1fc485a91e62270

    • SHA512

      0aae78adc48d061341e5437636ace60d710ccf56dc21066c798f2e47d6b55ad82eb371175055d08087285f44f4a21bb46216728a81b14550d0b66d20bd89ab8d

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks